Thanks for visiting our website and using our services! GumGum is committed to providing you with meaningful information and making sure you know your rights when it comes to any information you share with us. We want you to know that we are a “Privacy Forward” company and we embrace protecting consumer privacy. Our goal is to be transparent about the data we and our partners collect and inform you about how your data is (or is not) used, so that you can exercise your right to control the use of your personal data.
This Privacy Policy describes how GumGum collects, uses and shares personal information on its website and, if applicable, mobile devices. When we say “GumGum,” “we,” or “us” in this Privacy Policy, we mean the GumGum entity that acts as the controller or processor of your information, as explained in more detail in the “Identifying the Data Controller and Processor” section below. This Privacy Policy is also relevant for any European Economic Area (“EEA”) or California resident sharing his/her personal data directly or indirectly with GumGum and is provided in a layered format so you can click through to the specific areas set out below. Please also refer to the Glossary to understand the meaning of some of the terms used in this Privacy Policy.
First, you’ll be happy to know that GumGum doesn’t know who you are! We don’t know your name, the names of your family or friends, yours or their phone number, home address, exact location - nothing! So, then you may be wondering how is it that you keep receiving ads that seem to be “targeting” you? Well, let us explain. GumGum serves advertisements contextually – meaning, we only use images and text to serve ads relevant to you based on your browsing habits. We have no idea who you are, only that you enjoy shopping for sneakers!
How do we do it? Well, everyone has heard of cookies. No; not the chocolate chip or peanut butter variety but the small text files sent by us to your computer or mobile device that enables GumGum features and functionalities that are unique to your account or your browser. To find out more about cookies, visit this site.
For advertising, cookies help GumGum to:
As you see, we do not in any way collect any of your personal data or information. We really don’t want it. We just want to keep serving ads to you based on things you’re already shopping for!
Did we mention we are transparent? The table below explains exactly what kind of data we collect. We use the data to:
For both our Advertising and Sports lines of business, we also collect, use and share aggregated data (e.g., statistical or demographic data). In Advertising, though this aggregated data may be derived from your personal information, it is not considered personal information under the law because this information does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. If, however, we happen to combine or connect aggregated data with your personal information so that it can directly or indirectly identify you, we treat the combined data as personal information, which will be used strictly in accordance with this Privacy Policy.
In addition to the information that we collect from you directly, we may also receive information about you from other sources, including third parties, business partners, our affiliates, or publicly available sources.
You can always ask us or third parties to stop sending you marketing message, even if you gave your consent previously. Just log into the website and check or uncheck relevant boxes to adjust your marketing preferences or you can click the opt-out links on any marketing message sent to you, or click here: Exercise Your Rights.
Opting out of receiving marketing messages does not apply to personal data provided to us as a result of a product/service purchase or experience or other transactions.
We will only use your personal information for the purposes which it was collected for, unless we reasonably determine that we need to use it for another purpose that is compatible with the original. If you want to know how the processing for the new purpose is compatible with the original purpose, please Contact Us.
Special Categories. We do not collect any sensitive personal information about you, which includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric information.
Age Restrictions/Limitations. GumGum does not knowingly permit the use of our Services and Websites by anyone younger than 18 years old. If you learn that anyone younger than 18 has unlawfully provided us with personal data, please Contact Us and we will take immediate action to delete such information.
We use different methods to collect information from and about you, including:
Direct interactions. You (on behalf of a business or as an individual) may give us personal information by registering for one of our Service dashboards or platforms, completing online forms, or by corresponding with us by phone, email or otherwise. Examples of the types of Services or online correspondence you may provide such personal information may include:
Automated technologies or interactions. As you interact with our website, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this data by using cookies, server logs and other similar technologies. We may also receive technical data about you if you visit other websites employing our cookies.
GumGum is a National Advertising Initiative (NAI) Member. As such, if you are interested understanding or learning more about tailored browser advertising and how you can best control cookies from being put on your device, please visit NAI Consumer Opt-Out or the Digital Advertising Alliance’s (DAA) Consumer Opt-Out. Here you can opt-out of receiving tailored advertising from businesses that participate in those programs.
You can also set your browser to refuse all or some browser cookies or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of our or our partner website may become inaccessible or not function properly. For more information about the cookies we use, please see OUR COOKIE POLICY.
Our website or platforms may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share personal information about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the Privacy Policy of every website you visit.
We may engage third parties as service providers or business partners to process other information and support our business or services that we provide pursuant to our obligations under a written agreement. These third parties may, for example, provide virtual computing and storage services.
We require all third parties with whom we work to respect the security of your personal information and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions.
We have put in place appropriate technical and organizational security measures to prevent your personal information from being accidentally lost, used, accessed in an unauthorized way, altered, or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know and are subject to a duty of confidentiality. They will only process your personal information on our instructions.
We have procedures to deal with any suspected personal data breach. If we are required by law to tell you about any unauthorized access of your personal information, we may notify you in writing or by telephone. We will also notify any applicable regulator of a breach that we are legally required to. Unfortunately, no method of transmission over the Internet or method of electronic storage is fully secure so, we cannot guarantee the security of your personal information. But rest assured, we use reasonable efforts to protect your personal information from unauthorized access, use, or disclosure.
Some of our websites permit you to create an account, which requires you to create a password. You are responsible for maintaining the confidentiality of your password and for any access to or use of your account by someone else with your password, whether or not it has been authorized by you. You should notify us of any unauthorized use of your password or account.
We only keep your personal information for as long as we need it to fulfill business purposes while fulfilling our obligations pursuant to a contract, as permitted by law, and/or in satisfying any legal, accounting, or other regulatory reporting requirements.
When we decide how long to keep your personal information, we consider (1) the amount, nature and sensitivity of the personal information, (2) the potential risk of harm from unauthorized use or disclosure of your personal information, (3) the purposes of processing your personal information and whether we can achieve those purposes through other means, and (4) the applicable legal requirements – all with a commitment to make sure your rights are not any less protected regardless thereof.
If you are internationally located, including the European Union, we may share your personal information with other GumGum entities outside of your country, like the United States. Some of our external third parties are global and based outside of the EEA so their processing of your personal information may involve a transfer of data outside the EEA.
Whenever we transfer your personal information outside of the EEA, we make sure a similar degree of protection is afforded to you by ensuring at least one of the following safeguards is implemented:
If you are an EEA resident, you have the right to access, rectify, download, or erase your information, as well as the right to restrict and object to certain processing of your information. While some of these rights apply generally, certain rights apply only in certain limited circumstances. We describe these rights below:
You can access your personal data by submitting a data subject access request. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. You may also request to correct any incomplete or inaccurate personal data that we hold about you. However, we may need to verify the accuracy of the new data you provide to us.
You have the right to ask us to rectify, restrict, limit, or remove the processing of your personal data where (1) there is no good reason for us to continue processing it, (2) we may have processed information inaccurately, unlawfully or (3) we were required to erase for compliance with local law. Note that we may not always be able to comply with your request to erase for specific legal reasons, which will be notified to you at the time of your request.
You may also request the transfer of your personal data to a third party, in which we will provide your personal data in a structured, commonly used and machine-readable format. This right only applies to automated information that you previously consented for us to use and/or used to perform a contract with you.
You may object to the processing of your personal data in certain circumstances when relying on a legitimate interest of yours or of a third party that you feel impedes on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information, which overrides your rights and freedoms.
You may also withdraw consent to processing your personal data at any time. This does affect the lawfulness of any processing we have done prior to your consent withdrawal, and we may not be able to provide certain products or services to you after your consent withdrawal. We will notify you if this is the case at the time of your consent withdrawal.
If you wish to exercise any of the rights set out above, please contact us at dataprivacy@gumgum.com.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive, or we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any other right). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within thirty (30) days. Occasionally, however, it may take us longer to process your request if it is particularly complex and/or if you have made multiple requests. In this case, we will notify you and keep you updated on the status of your request(s).
If you are based in the European Union, you also have the right to make a complaint at any time to the Information Commissioner’s Office (ICO)—the UK supervisory authority for data protection issues ICO UK. We would, however, appreciate the chance to address your concerns before you approach the ICO so, please contact us in the first instance.
Name of the Lead Supervisory Authority overseeing GumGum (Controller):
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Phone: +44 (0) 0303 123 1113
Email: icocasework@ico.org.uk
GumGum UK Limited
WeWork Building
138 Holborn
London, UK EC1N2SW, GB
Company Number: 09922859
Email: Global Compliance Officer
Phone: 1-310-260-9666
GumGum, Inc.
Data Protection Officer
1314 7th Street, 4th Floor
Santa Monica, CA 90401
Email: Global Compliance Officer
Phone: 1-310-260-9666
The CCPA requires businesses that are subject to this law to provide consumers who reside in California with certain rights with respect to their personal information.
As a California resident and within 45 days, GumGum will respond to your right to:
Should you choose to exercise any of your rights above, CCPA allows consumers to make a personal information request no more than twice in a 12-month period and that business will need to collect information from the requesting party so that It can verify a Consumer’s identity. However, because GumGum collects very limited personal data that is further pseudo-anonymized, most times we will not be able to provide you with copies of specific personal information or delete same.
For California Residents Only: GumGum provides two ways to exercise your rights: Compete the form at DO NOT SELL or call 866-I-OPT-OUT and enter service code 319 when prompted. To assure a timely and accurate response, we kindly ask that you contact us by selecting only one of these methods.
GumGum may change this Privacy Policy from time to time. Laws, regulations and industry standards evolve, which may make those changes necessary, or we may make changes to our business. We will post the changes to this page and encourage you to review our Privacy Policy to stay informed. If we make changes that materially alter your privacy rights, GumGum will provide additional notice, such as via email or through the Services.
Questions or concerns about this policy, please email us at: dataprivacy@gumgum.com.
Ad Delivery and Reporting (ADR) is separate and distinct from Personalized Advertising, and means the collection or use of data about a browser or device for the purpose of delivering ads or providing advertising-related services, including, but not limited to: providing a specific advertisement based on a particular type of browser, device, or time of day; statistical reporting, traffic analysis, analytics, optimization of ad placement; ad performance, reach, and frequency metrics (e.g., frequency capping); security and fraud prevention; billing; and logging the number and type of ads served on a particular day to a particular website, application, or device.
Applicable Laws means laws, rules, directives, regulations issued or enacted by any government entity (including any domestic or foreign, supra-national, state, county, municipal, local, territorial or other government, which includes to the extent applicable, Directive 95/46/EC, Directive 2002/58/EC, European Commission decisions and guidance) each as transposed into domestic legislation of each Member State or other country and as amended, replaced or superseded from time to time, including by the GDPR and laws implementing or supplementing the GDPR, and any industry self-regulatory principles that are applicable in the location or region where the Services are provided or received, related to the Processing of Personal Data or the interception, recording or monitoring of communications.
CCPA means Assembly Bill 375 of the California House of Representatives, an act to add Title 1.81.5 (commencing with Section 1798.100) to Part 4 of Division 3 of the Civil Code, relating to privacy and approved by the California Governor on June 28, 2018 (California Consumer Protection Act, “CCPA”).
Comply with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.
Cross-App Advertising is the collection of data across applications owned or operated by different entities on a particular device for the purpose of delivering advertising based on preferences or interests known or inferred from the data collected.
Cross-Device Linking is the practice of linking two or more devices or browsers used or likely used by the same user, for advertising purposes.
De-Identified Data is data that is not linked or intended to be linked to an individual, browser, or device.
Device-Identifiable Information (DII) Formerly referred to as “Non-PII,” Device-Identifiable Information (DII) is any data that is linked to a particular browser or device if that data is not used, or intended to be used, to identify a particular individual. DII may include, but is not limited to, unique identifiers associated with browsers or devices, such as cookie identifiers or advertising identifiers, and IP addresses, where such data is not linked or intended to be linked to PII. DII includes data that is linked to a series of browsers or devices linked through Cross-Device Linking, if that data is not used, or intended to be used, to identify a particular individual. DII does not include De- Identified Data.
EU Model Clauses means the standard contractual clauses approved by European Commission on standard contractual clauses for the transfer of Personal Data to Processors or Controllers established in third countries (but which shall exclude any contractual clauses designated by the European Commission as optional in that decision), as amended or replaced from time to time by the European Commission.
GDPR (General Data Protection Regulation) means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC; The terms, “Controller”, “Processor” “Data Subject”, “Member State”, “Personal Data” or “Data”, “Personal Data Breach”, and “Processing”, and “Supervisory Authorities” shall have the same meaning as in the GDPR, and their cognate terms shall be construed accordingly.
Interested Party means the party to the Main Agreement and on whose behalf GumGum processes the Personal Data of Interested Party or of Interested Party’s clients, whether received from Data Subjects/Consumers, third parties or Interested Party.
Interest-Based Advertising means the collection of data across web domains owned or operated by different entities for the purpose of delivering advertising based on preferences or interests known or inferred from the data collected.
Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted by law).
Main Agreement means the agreement between the Interested Party and GumGum whereby GumGum provides the Services and, in connection with the supply of such Services, engages in the processing of Personal Data of Data Subjects on behalf of Data Controller.
Opt-In Consent Opt-In Consent is an affirmative action taken by an individual that manifests the intent to opt in.
Opt-Out Mechanism is an easy-to-use mechanism by which individuals may exercise choice to disallow Personalized Advertising with respect to a particular browser or device.
Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
Personal Directory Data is calendar, address book, phone/text log, or photo/video data (including any associated metadata), or similar data created by a user that is stored on or accessed through a device.
Personalized Advertising is a collective term for Interest-Based Advertising, Cross-App Advertising, and Retargeting, as well as any combination of these practices.
Personally-Identifiable Information (PII) is any information used, or intended to be used, to identify a particular individual, including name, address, telephone number, email address, financial account number, and government-issued identifier.
Precise Location Data is information that describes the precise geographic location of a device derived through any technology that is capable of determining with reasonable specificity the actual physical location of an individual or device, such as GPS-level latitude-longitude coordinates or location-based Wi-Fi triangulation.
Retargeting is the practice of collecting data about a browser’s or device’s activity in one unaffiliated web domain or application for the purpose of delivering an advertisement based on that data in a different, unaffiliated web domain or application.
Sensitive Data means and includes:
Services means the services as defined in the Main Agreement between Interested Party and GumGum.
Sub-processor means any third party (including any Processor affiliate) appointed by or on behalf of Data Processor to process Personal Data on behalf of Interested Party in connection with an Agreement.
Viewed Content Advertising is the collection of Viewed Content Information, or the use of such data for the purpose of tailoring advertising based on preferences or interests known or inferred from the data collected. Viewed Content Information is data about the video content viewed on a television.